You are asked to configure a new SRX Series CPE device at a remote office. The device must participate in forwarding MPLS and IPsec traffic.
Which two statements are true regarding this implementation? (Choose two.)
A. Host inbound traffic must not be processed by the flow module
B. Host inbound traffic must be processed by the flow module
C. The SRX Series device can process both MPLS and IPsec with default traffic handling
D. A firewall filter must be configured to enable packet mode forwarding
You are asked to implement the session cache feature on an SRX5400.
In this scenario, what information does a session cache entry record? (Choose two.)
A. The type of processing to do for ingress traffic
B. The type of processing to do for egress traffic
C. To which SPU the traffic of the session should be forwarded
D. To which NPU the traffic of the session should be forwarded
Click the Exhibit button.

A user is trying to reach a company's website, but the connection errors out. The security policies are configured correctly.
Referring to the exhibit, what is the problem?
A. Persistent NAT must be enabled
B. The action for rule 1 must change to static-nat inet
C. DNS ALG must be disabled
D. Static NAT is missing a rule for DNS server
You correctly configured a security policy to deny certain traffic, but logs reveal that traffic is still allowed.
Which specific traceoption flag will help you troubleshoot this problem?
A. lookup
B. configuration
C. routing-socket
D. rules
Click the Exhibit button.

Your company has purchased a competitor and now must connect the new network to the existing one. The competitor's gateway device is receiving its ISP address using DHCP. Communication between the two sites must be secured; however, obtaining a static public IP address for the new site gateway is not an option at this time. The company has several requirements for this solution:
A site-to-site IPsec VPN must be used to secure traffic between the two sites; The IKE identity on the new site gateway device must use the hostname option; and Internet traffic from each site should exit through
its local Internet connection.
The configuration shown in the exhibit has been applied to the new site's SRX, but the secure tunnel is not
working.
In this scenario, what configuration change is needed for the tunnel to come up?
A. Remove the quotes around the hostname
B. Bind interface st0 to the gateway
C. Change the IKE policy mode to aggressive
D. Apply a static address to ge-0/0/2
Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)
A. You can secure intra-VLAN traffic with a security policy on this device
B. You can secure inter-VLAN traffic with a security policy on this device
C. The device can pass Layer 2 and Layer 3 traffic at the same time
D. The device cannot pass Layer 2 and Layer 3 traffic at the same time
Click the Exhibit button.

Which statement is correct regarding the information show in the exhibit?
A. The tunnel binding was discovered automatically
B. The output is for an ADVPN
C. The tunnel gateway address was automatically discovered
D. The tunnel is not encrypting the traffic
Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)
A. Events based on this third-party feed will not affect a host's threat score
B. SRX Series devices will block traffic based on this third-party feed
C. SRX Series devices will not block traffic based on this third-party feed
D. Events based on this third-party feed will affect a host's threat score
Which two log format types are supported by the JATP appliance? (Choose two.)
A. YAML
B. XML
C. CSV
D. YANG
You must implement an IPsec VPN on an SRX Series device using PKI certificates for authentication. As
part of the implementation, you are required to ensure that the certificate submission, renewal, and
retrieval processes are handled automatically from the certificate authority.
In this scenario, which statement is correct.
A. You can use CRL to accomplish this behavior.
B. You can use SCEP to accomplish this behavior.
C. You can use OCSP to accomplish this behavior.
D. You can use SPKI to accomplish this behavior.